package zyn_hy_login;

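/**
 * Request screening helper for a page: a Referer-based origin check plus a
 * substring deny-list applied to query-string and form values.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The deny-list is a coarse input filter, not SQL-injection protection. It is
 *       neither complete nor precise (short tokens such as "and", "chr" and "mid"
 *       also occur inside ordinary words). Any query built from these values should
 *       use parameterized statements regardless of what this class returns.</li>
 *   <li>The Referer header is supplied by the client and may be absent or altered,
 *       so {@link #urlCheck_sql()} is not an anti-forgery control; state-changing
 *       requests need a server-issued anti-forgery token.</li>
 *   <li>Every check only registers a client-side script and returns {@code false}.
 *       Nothing here stops server-side processing; the caller must test the
 *       return value and stop handling the request itself.</li>
 * </ul>
 *
 * <p>NOTE(review): the member names ({@code Request.Form}, {@code GetValues},
 * {@code RegisterStartupScript}) and the {@code ServerVariables["..."]} indexer
 * look like a mechanical port from ASP.NET; the indexer expressions are kept as
 * found and are not valid Java as written. Confirm the accessor the Page port
 * actually offers.
 */
public class Check_sql extends Page
{
	/** Lower-case substrings that cause a value to be rejected (same set as the original checks). */
	private static final String[] BLOCKED_TOKENS = {
		"'", "and", "select", "update", "chr", "delete%20from", ";", "insert", "mid", "master."
	};

	/**
	 * Script registered when a value is rejected. The alert text says, in Chinese:
	 * "Error! Your input must not contain: ;,and,select,update,insert,delete,chr
	 * and other illegal characters!", then navigates back.
	 * The line breaks are written as the JavaScript escape (backslash + n): a raw
	 * line feed inside the single-quoted JavaScript literal is a syntax error and
	 * would keep the whole script, including the history.back() call, from running.
	 */
	private static final String REJECT_SCRIPT =
		"<Script Language=JavaScript>alert('出现错误！在你输入的内容中不要出现："
		+ "\\n\\n ;,and,select,update,insert,delete,chr 等非法字符！');location.href='javascript:history.back()';</Script>";

	/** Script that closes the browser window after an origin-check failure. */
	private static final String CLOSE_WINDOW_SCRIPT =
		"<script language=javascript>window.opener=null;window.close();</script>";

	/** The page whose request is inspected and on which startup scripts are registered. */
	protected Page thisPage;

	/**
	 * Binds the helper to a page and immediately runs {@link #urlCheck_sql()}.
	 *
	 * <p>The result of that check is discarded here, so construction alone never
	 * blocks a request; callers that need the verdict must call
	 * {@link #urlCheck_sql()} themselves and act on it.
	 *
	 * @param sPage the page to inspect
	 */
	public Check_sql(Page sPage)
	{
		this.thisPage = sPage;
		this.urlCheck_sql();
	}

	/**
	 * Screens every posted form value against the deny-list.
	 *
	 * @return {@code true} when no value contains a blocked token; {@code false}
	 *         after registering the rejection script otherwise
	 */
	public final boolean Check_From_Sql()
	{
		return this.screenCollection(this.thisPage.Request.Form);
	}

	/**
	 * Screens a single string against the deny-list.
	 *
	 * <p>The comparison is case-insensitive, matching the form and query-string
	 * checks (previously this method compared the raw text, so upper-case or
	 * mixed-case tokens were not detected). A {@code null} argument is treated as
	 * containing nothing to reject.
	 *
	 * @param from_text the text to screen; may be {@code null}
	 * @return {@code true} when the text contains no blocked token; {@code false}
	 *         after registering the rejection script otherwise
	 */
	public final boolean Check_Text_Sql(String from_text)
	{
		if (containsBlockedToken(from_text))
		{
			return this.rejectInput();
		}
		return true;
	}

	/**
	 * Registers a startup script that shows {@code p_strShowMessage} in an alert box.
	 *
	 * <p>NOTE(review): the message is concatenated unescaped into a single-quoted
	 * JavaScript string inside a script element. Within this class it is only
	 * called with constant text. Callers must never pass request-derived or other
	 * untrusted data without first encoding it for a JavaScript string context
	 * (quotes, backslashes, line breaks and the characters that can close the
	 * script element); otherwise the value becomes script in the user's browser.
	 *
	 * @param p_strShowMessage trusted message text, already safe for a JavaScript
	 *        string literal
	 */
	public final void showMessage(String p_strShowMessage)
	{
		this.thisPage.RegisterStartupScript("01", "<script language=javascript> alert('" + p_strShowMessage + "')</script>");
	}

	/**
	 * Checks that the request carries a Referer whose host equals the server name,
	 * then screens every query-string value against the deny-list.
	 *
	 * <p>The Referer host is parsed as a URI and compared as a whole host name.
	 * The earlier fixed-offset comparison assumed a seven-character scheme prefix,
	 * threw on short Referer values, rejected https referrers, and accepted any
	 * host that merely began with the server name. A Referer that cannot be parsed
	 * is treated as external.
	 *
	 * @return {@code true} when the origin check passes and no query-string value
	 *         contains a blocked token; {@code false} otherwise
	 */
	public final boolean urlCheck_sql()
	{
		if (this.thisPage.Request.ServerVariables["HTTP_REFERER"] == null)
		{
			// Message: "Warning! Submitting data via URL is not allowed!! The page is about to close!!"
			return this.closeWithWarning("警告！不允许通过Url提交数据！！页面即将关闭！！");
		}
		String referer = this.thisPage.Request.ServerVariables["HTTP_REFERER"].toString();
		String serverName = this.thisPage.Request.ServerVariables["SERVER_NAME"].toString();
		// equalsIgnoreCase(null) is false, so an unparsable Referer fails closed.
		if (!serverName.equalsIgnoreCase(refererHost(referer)))
		{
			// Message: "Warning! You are submitting data from an external site!! The page is about to close!!"
			return this.closeWithWarning("警告！你正在从外部提交数据！！页面即将关闭！！");
		}
		return this.screenCollection(this.thisPage.Request.QueryString);
	}

	/**
	 * Screens every value of every entry; the original looked only at the first
	 * value of each key, so repeated parameters were not inspected.
	 */
	private boolean screenCollection(NameValueCollection params)
	{
		for (int index = 0; index < params.size(); index++)
		{
			String[] values = params.GetValues(index);
			if (values == null)
			{
				continue; // entry without values: nothing to screen
			}
			for (String value : values)
			{
				if (containsBlockedToken(value))
				{
					return this.rejectInput();
				}
			}
		}
		return true;
	}

	/** Returns whether the lower-cased value contains any entry of {@link #BLOCKED_TOKENS}. */
	private static boolean containsBlockedToken(String value)
	{
		if (value == null || value.isEmpty())
		{
			return false;
		}
		// Locale.ROOT keeps the folding stable; default-locale lower-casing can map
		// ASCII letters to other characters (e.g. dotless i) and miss a token.
		String lowered = value.toLowerCase(java.util.Locale.ROOT);
		for (String token : BLOCKED_TOKENS)
		{
			if (lowered.contains(token))
			{
				return true;
			}
		}
		return false;
	}

	/** Extracts the host of the Referer, or {@code null} when it has none or cannot be parsed. */
	private static String refererHost(String referer)
	{
		try
		{
			return new java.net.URI(referer.trim()).getHost();
		}
		catch (java.net.URISyntaxException ex)
		{
			return null;
		}
	}

	/** Registers the rejection script and yields the {@code false} verdict. */
	private boolean rejectInput()
	{
		this.thisPage.RegisterStartupScript("03", REJECT_SCRIPT);
		return false;
	}

	/** Shows a warning, registers the window-closing script and yields {@code false}. */
	private boolean closeWithWarning(String message)
	{
		this.showMessage(message);
		this.thisPage.RegisterStartupScript("02", CLOSE_WINDOW_SCRIPT);
		return false;
	}
}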